Diffstat (limited to 'www')
-rw-r--r--www/createfolder.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/www/createfolder.php b/www/createfolder.php
index cf45565..f1bca21 100644
--- a/www/createfolder.php
+++ b/www/createfolder.php
@@ -16,6 +16,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
$folder=$_POST["folder"];
$name = $_POST["username"];
+ $sname = SQLite3::escapeString("$name");
$public = SQLite3::escapeString("$_POST[public]");
$pwd_unsafe = $_POST["pwd"];
$pwd = SQLite3::escapeString("$pwd_unsafe");
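Review bot: The owner lookup this commit introduces is keyed on `$_POST["username"]`, a value the client chooses, and nothing in this hunk ties it to an authenticated session. If the script does not verify the caller elsewhere (not visible here), any client could create folders recorded as owned by another account. The name should come from server-side session state rather than the request body. I would add a comment on the `$name` line such as `// TODO: take the user from the session, not from POST`.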
@@ -35,12 +36,20 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
$db = new SQLite3("../database/sqlite.db");
+ $id_db = $db->query("SELECT id FROM user WHERE name=$sname;")
+ $id_ar = $id_db->fetchArray(SQLITE3_NUM);
+ $id = $id_ar[0];
+
+ if(!preg_match("/[0-9]+/", $id)){
+ database_error();
+ }
+
for($i=0; $i<$length; $i++){
if(!empty($folder_array_unsafe[$i])){
$folder_array[$i]=SQLite3::escapeString("$folder_array_unsafe[$i]");
if($absolutpath){
if($db->exec("
- INSERT INTO files (id, parent, name, folder, share) VALUES (NULL, $k, '$folder_array[$i]', '$type', '$public');
+ INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $k, $id, '$folder_array[$i]', '$type', '$public');
")){
$primary_key_db = $db->query("SELECT id FROM files WHERE name='$folder_array[$i]'");
$primary_key_ar = $primary_key_db->fetchArray(SQLITE3_NUM);
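Review bot: The new `SELECT id FROM user WHERE name=$sname;` interpolates `$sname` without surrounding quotes, so `SQLite3::escapeString` gives no protection: it only makes a value safe inside a quoted string literal. The same statement is missing its terminating `;` after `query(...)`, which is a parse error. The `/[0-9]+/` check is unanchored and accepts any value that merely contains a digit. A failed query or an unknown user reaches `$id_ar[0]` on a `false` result. A bound parameter plus an anchored check closes these gaps, on the assumption that `database_error()` stops the request. The INSERTs in this hunk and in the `@@ -55,7 +64,7 @@` hunk interpolate `$id` unquoted and depend on that check.

```php
$stmt = $db->prepare("SELECT id FROM user WHERE name = :name");
$stmt->bindValue(":name", $name, SQLITE3_TEXT);
$id_db = $stmt->execute();
$id_ar = $id_db ? $id_db->fetchArray(SQLITE3_NUM) : false;

if($id_ar === false || !preg_match('/\A[0-9]+\z/', (string)$id_ar[0])){
    database_error();
}
$id = (int)$id_ar[0];
// … unchanged: for loop over $folder_array_unsafe and the INSERT into files …
```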
@@ -55,7 +64,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST'){
$primary_key = $primary_key_ar[0];
if($db->exec("
BEGIN TRANSACTION;
- INSERT INTO files (id, parent, name, folder, share) VALUES (NULL, $primary_key, '$folder_array[$i]', '$type', '$public');
+ INSERT INTO files (id, parent, owner, name, folder, share) VALUES (NULL, $primary_key, $id, '$folder_array[$i]', '$type', '$public');
COMMIT;
")){
$pwd='$folder_array[$i]';
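Review bot: The INSERT now records an owner, but the `$primary_key` it writes as `parent` comes from a lookup that is outside this hunk. If that lookup matches on folder name alone, like the `SELECT id FROM files WHERE name='$folder_array[$i]'` in the previous hunk, a folder of the same name belonging to another user can be picked as the parent. Scoping the lookup with `AND owner=$id` would keep each user's tree separate. Where the row was just inserted, reading `$db->lastInsertRowID()` avoids the second query altogether.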